package com.jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

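/**
 * Console login demo that contrasts a string-concatenated SQL query (injectable,
 * kept below only as a commented-out counter-example) with a parameterized
 * {@link PreparedStatement} lookup against the {@code student} table.
 */
public class Main {
	/**
	 * Reads an account name and password from standard input and checks them
	 * against the {@code student} table with a parameterized query.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		// Not closed on purpose: closing the Scanner would also close System.in.
		Scanner sc = new Scanner(System.in);
		System.out.println("请输入账号：");
		String name = sc.next();
		System.out.println("请输入密码：");
		String pwd = sc.next();

		System.out.println(name);

		/*
		 * Test accounts: hch / 123456 and wkj / 123456.
		 *
		 * Vulnerable variant (login check through a plain Statement), kept as a
		 * counter-example only. It built the query by concatenating the raw input:
		 *
		 *   String sql = " select name,pwd from student where name = '" + name
		 *           + " 'and pwd = '" + pwd + "'";
		 *
		 * Knowing only the account name hch, entering hch'# as the account and any
		 * text as the password was reported to log in successfully: the quote ends
		 * the string literal and, on databases where # starts a comment (e.g.
		 * MySQL), the password condition is never evaluated. Input must never be
		 * spliced into SQL text like this.
		 */

		/*
		 * Login check through a PreparedStatement: the input is bound as parameter
		 * values and is never parsed as SQL, which prevents the injection above.
		 */
		ConnectionUtil con1 = new ConnectionUtil();
		PreparedStatementUtil ps = new PreparedStatementUtil();

		// NOTE(review): comparing pwd directly against the column implies the table
		// stores plaintext passwords. Outside a demo, store a salted password hash
		// (bcrypt/scrypt/argon2) and verify it in application code instead.
		String sql1 = " SELECT name,pwd FROM student where name = ? AND pwd = ? ";

		// try-with-resources closes the result set, statement and connection even
		// when the query fails; the original code never closed any of them.
		try (Connection conn1 = con1.getcConnection();
				PreparedStatement psm = ps.getPreparedStatement(conn1, sql1)) {
			psm.setString(1, name);
			psm.setString(2, pwd);
			try (ResultSet rs = psm.executeQuery()) {
				// Any matching row means the credentials are valid.
				boolean flag = rs.next();
				if (flag) {
					System.out.println("登陆成功！");
				} else {
					System.out.println("登陆失败！");
				}
			}
		} catch (SQLException e) {
			// Demo-level handling. A real login path should log this server-side
			// and show the user a generic failure, not driver/SQL details.
			e.printStackTrace();
		}

	}
}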
